Which of the following was the first mathematical model of multilevel security
policy?
A. Biba
B. Take-Grant
C. Bell-LaPadula
D. Clark Wilson
Answer: C
"In the 1970's, the U.S. military used time-sharing mainframe systems and was
concerned about these systems and leakage of classified information. The
Bell-LaPadula model was developed to address these concerns. It was the first
mathematical model of a multilevel security policy used to define the concept
of a secure state machine and modes of access and outline rules of access."
Pg 212 Shon Harris: All-in-One CISSP Certification
QUESTION 210:
Which security model allows the data custodian to grant access privileges to
other users?
A. Mandatory
B. Bell-LaPadula
C. Discretionary
D. Clark-Wilson
Answer: C
"Discretionary Access Control. The subject has authority, within certain
limitations, to specify what objects are accessible." -Ronald Krutz The CISSP
PREP Guide (gold edition) pg 46
QUESTION 211:
What is one issue NOT addressed by the Bell-LaPadula model?
A. Information flow control
B. Security levels
C. Covert channels
D. Access modes
Answer: C
As with any model, the Bell-LaPadula model has some weaknesses. These are the
major ones. The model considers normal channels of the information exchange
and does not address covert channels. -Ronald Krutz The CISSP PREP Guide (gold
edition) pg 275-276
QUESTION 212:
Which one of the following access control models associates every resource
and every user of a resource with one of an ordered set of classes?
A. Take-Grant model
B. Biba model
C. Lattice model
D. Clark-Wilson model
Answer: C
With a lattice model you first have to define a set of security classes that
can be assigned to users or objects... After you have defined a set of
security classes, you define a set of flow operations showing when information
can flow from one class to another - Roberta Bragg CISSP Certification
Training Guide (Que) pg 23
QUESTION 213:
What scheme includes the requirement that the system maintain the separation
of duty requirement expressed in the access control triples?
A. Bella
B. Lattice
C. Clark-Wilson
D. Bell-LaPadula
Answer: C
Explanation:
Separation of duty is necessarily determined by conditions external to the
computer system. The Clark-Wilson scheme includes the requirement that the
system maintain the separation of duty requirement expressed in the access
control triples. Enforcement is on a per-user basis, using the user ID from
the access control triple.
QUESTION 214:
The access matrix model consists of which of the following parts? (Choose all
that apply)
A. A function that returns an object's type.
B. A list of subjects.
C. A list of objects.
Answer: A, B, C
Explanation:
The access matrix model consists of four major parts:
A list of objects
A list of subjects
A function T that returns an object's type
The matrix itself, with the objects making the columns and the subjects making
the rows
Note: This question seems to confuse access control matrix, Harris, 3rd Ed, p
169 with access control types, Ibid, p 188ff
"An access control matrix is a table of subjects and objects indicating what
actions ... subjects can take upon ... objects", Harris, 3rd Ed, p 169.
It would be right if item "A" was "a function that returned an access right"
QUESTION 215:
The access matrix model has which of the following common implementations?
A. Access control lists and capabilities.
B. Access control lists.
C. Capabilities.
D. Access control list and availability.
Answer: A
Explanation:
The two most used implementations are access control lists and capabilities.
Access control lists are achieved by placing on each object a list of users
and their associated rights to that object.
QUESTION 216:
The lattice-based model aims at protecting against:
A. Illegal attributes.
B. None of the choices.
C. Illegal information flow among the entities.
D. Illegal access rights
Answer: C
Explanation:
The lattice-based model aims at protecting against illegal information flow
among the entities. One security class is given to each entity in the system.
A flow relation among the security classes is defined to denote that
information in one class can flow into another class.
QUESTION 217:
Which of the following are the components of the Chinese wall model?
A. Conflict of interest.
B. All of the choices.
C. Subject
D. Company Datasets.
Answer: B
Explanation:
The model has the following components:
COMPONENT                     EXAMPLE
Subject                       Analyst
Object                        Data item for a single client
Company Datasets              Give for each company its own company dataset
Conflict of interest classes  Give for each object companies that have a
                              conflict of interest
Labels                        Company dataset + conflict of interest class
Sanitized information         No access restriction
QUESTION 218:
Enforcing minimum privileges for general system users can be easily achieved
through the use of:
A. TSTEC
B. RBAC
C. TBAC
D. IPSEC
Answer: B
Explanation:
Ensuring least privilege requires identifying what the user's job is,
determining the minimum set of privileges required to perform that job, and
restricting the user to a domain with those privileges and nothing more. By
denying to subjects transactions that are not necessary for the performance of
their duties, those denied privileges couldn't be used to circumvent the
organizational security policy. Although the concept of least privilege
currently exists within the context of the TCSEC, requirements restrict those
privileges of the system administrator. Through the use of RBAC, enforced
minimum privileges for general system users can be easily achieved.
QUESTION 219:
What is necessary for a subject to have write access to an object in a
Multi-Level Security Policy?
A. The subject's sensitivity label must dominate the object's sensitivity label
B. The subject's sensitivity label subordinates the object's sensitivity label
C. The subject's sensitivity label is subordinated by the object's sensitivity
label
D. The subject's sensitivity label is dominated by the object's sensitivity
label
Answer: D
Reference:
"The Bell-LaPadula model has a simple security rule, which means that a
subject cannot read data from a higher level (no read up). The *-property rule
means that a subject cannot write to an object at a lower level (no write
down)." - Shon Harris, "CISSP All-in-One Exam Guide", 3rd Ed, p 327. Therefore
the object must be at the same or higher level.
"The Bell-LaPadula model is an example of a multilevel security model..." -
Shon Harris, "CISSP All-in-One Exam Guide", 3rd Ed, p 298.
"Simple security property. A subject can read an object if the access of the
class of the subject dominates the access class of the object. Thus, a subject
can read down but cannot read up." Pg 105 Hansche: Official (ISC)2 Guide to
the CISSP Exam
QUESTION 220:
Which of the following security modes of operation involved the highest risk?
A. Compartmented Security Mode
B. Multilevel Security Mode
C. System-High Security Mode
D. Dedicated Security Mode
Answer: B
"Security Modes
In a secure environment, information systems are configured to process
information in one of four security modes. These modes are set out by the
Department of Defense as follows:
Systems running compartmental security mode may process two or more types of
compartmented information. All system users must have an appropriate clearance
to access all information processed by the system but do not necessarily have
a need to know all of the information in the system. Compartments are
subcategories or compartments within the different classification levels and
extreme care is taken to preserve the information within the different
compartments. The system may be classified at the Secret level but contain
five different compartments, all classified Secret. If a user has only the
need to know about two of the five different compartments to do their job,
that user can access the system but can only access the two compartments.
Compartmented systems are usually dedicated systems for each specific
compartment to prevent the chance of any errors, because compartmentalization
is the most secret of all the secrets.
Systems running in the dedicated security mode are authorized to process only
a specific classification level at a time, and all system users must have
clearance and a need to know that information.
Systems running in multilevel security mode are authorized to process
information at more than one level of security even when all system users do
not have appropriate clearances or a need to know for all information
processed by the system.
Systems running in system-high security mode are authorized to process only
information that all system users are cleared to read and to have a valid need
to know. These systems are not trusted to maintain separation between security
levels, and all information processed by these systems must be handled as if
it were classified at the same level as the most highly classified information
processed by the system."
Pg. 234 Tittel: CISSP Study Guide
QUESTION 221:
Controlled Security Mode is also known as:
A. Multilevel Security Mode
B. Partitioned Security Mode
C. Dedicated Security Mode
D. System-high Security Mode
Answer: A
Reference: pg 264 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 222:
The unauthorized mixing of data of one sensitivity level and need-to-know with
data of a lower sensitivity level, or different need-to-know, is called data
A. Contamination
B. Seepage
C. Aggregation
D. Commingling
Answer: A ?
WOW if you are reading these comments then you know I have disagreed with a
bunch of the original answers! Well here is another. The original was Seepage.
I think it is Contamination.
"The intermixing of data at different sensitivity and need-to-know levels. The
lower-level data is said to be contaminated by the higher-level data; thus
contaminating (higher-level) data might not receive the required level of
protection" -Ronald Krutz The CISSP PREP Guide (gold edition) pg 890
QUESTION 223:
Which one of the following should be employed to protect data against
undetected corruption?
A. Non-repudiation
B. Encryption
C. Authentication
D. Integrity
Answer: D
QUESTION 224:
Which of the following is a communication path that is not protected by the
system's normal security mechanisms?
A. A trusted path
B. A protection domain
C. A covert channel
D. A maintenance hook
Answer: C
QUESTION 225:
A channel within a computer system or network that is designed for the
authorized transfer of information is identified as a(n)?
A. Covert channel
B. Overt channel
C. Opened channel
D. Closed channel
Answer: B
"An overt channel is a channel of communication that was developed
specifically for communication purposes. Processes should be communicating
through overt channels, not covert channels." Pg 237 Shon Harris: All-In-One
CISSP Certification Guide.
QUESTION 226:
Covert channel is a communication channel that can be used for:
A. Hardening the system.
B. Violating the security policy.
C. Protecting the DMZ.
D. Strengthening the security policy.
Answer: B
Explanation:
Covert channel is a communication channel that allows transfer of information
in a manner that violates the system's security policy.
QUESTION 227:
What is an indirect way to transmit information with no explicit reading of
confidential information?
A. Covert channels
B. Backdoor
C. Timing channels
D. Overt channels